Plugin v1.0.0
ClawScan security
AIsa Provider · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 22, 2026, 7:36 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The package is mostly coherent for an API-provider plugin (it legitimately needs an AISA_API_KEY), but there are mismatches between the registry metadata and the packaged files and a few packaging/instruction gaps that should be resolved before trusting it with credentials.
- Guidance
- This package appears to be a legitimate AIsa provider plugin, but before installing: (1) confirm that the plugin really requires AISA_API_KEY (the package files require it even though the registry summary said none), and only provide that API key if you trust https://aisa.one and your procurement/compliance checks; (2) check whether the referenced scripts/ files or onboarding CLI exist in your installed bundle — the SKILL.md references repo-relative scripts that are not present in the file list shown; (3) don't treat marketing claims (e.g., 'Zero Data Retention') as verified — ask AIsa for their contract/technical evidence if privacy guarantees matter; (4) minimize blast radius: create and use a dedicated AISA API key with least privilege and monitoring, and rotate/delete the key if you stop using the plugin.
Review Dimensions
- Purpose & Capability
- note: The skill's stated purpose (AIsa model/provider routing) matches the contents: manifests, README, and SKILL.md all describe a provider that requires an AISA_API_KEY and calls api.aisa.one. However, the top-level registry metadata (presented above) reported 'Required env vars: none', which contradicts the plugin's internal configSchema and SKILL.md that declare AISA_API_KEY as required.
- Instruction Scope
- note: The runtime instructions are narrowly scoped to provider configuration and model routing (examples, curl calls to api.aisa.one, guidance to set AISA_API_KEY). That's appropriate. Two concerns: (1) SKILL.md and README reference repo-relative scripts/ paths and example CLI flows, but the package manifest shown does not include a scripts/ directory — instructions may reference files not present in the bundle. (2) The skill asserts guardrails (e.g., 'Do not ask for extra credentials') and privacy claims (Zero Data Retention) which are policy statements, not enforceable; the agent will not be able to verify those claims automatically.
- Install Mechanism
- ok: No install spec; it's instruction-only plus a tiny native wrapper (index.ts). Nothing is downloaded or executed at install time, which minimizes install-time risk.
- Credentials
- note: The only credential required by the skill files is AISA_API_KEY (declared as primaryEnv in SKILL.md and required in openclaw.plugin.json), which is proportionate for an API gateway/provider plugin. The earlier registry summary's claim of 'no required env vars' is inconsistent with this and should be corrected. No unrelated credentials, secrets, or config paths are requested.
- Persistence & Privilege
- ok: The package does not request 'always: true' and is user-invocable (normal). It does not modify other skills or ask for system-wide config. The tiny index.ts is a passive native wrapper and does not increase privilege.
